On Sunday 23 July 2006 22:07, 李尚杰 wrote: > The code for ipcperm() call :
> 93 if (mode & IPC_M) { > 94 error = suser(td); > 95 if (error) > 96 return (error); > 97 } > 116 if ((mode & perm->mode) != mode) { > 117 if (suser(td) != 0) > 118 return (EACCES); > 119 } > > why not directly return the error in line 94? If suser() returns 0 and you just did 'return(suser(td))' then you would not perform the additional security check in lines 116-119 which could result in allowing access to an IPC object when it should be restricted. -- John Baldwin _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"